[webkit-gtk] Support for PKCS11 / Smartcard?
mcatanzaro at igalia.com
Tue Dec 4 07:28:49 PST 2018
On Mon, Dec 3, 2018 at 8:16 PM, mailto428496 <mailto628496 at cox.net>
> As you predicted it didn't work for smartcard authentication with
> (MiniBrowser) (perhaps I was overly optimistic that somehow it would
> magically work ;) and I am not sure how else to test it? But setting
> the GIO_USE_TLS=gnutls-pkcs11 variable does cause it to start looking
> smartcard related libraries. So that sounds like there is hope that
> would work after you got the client authentication working, that I
> assume would interface with whatever gnutls-pkcs11 provided? Any idea
> when that might happen? Also, it seems like it would be useful to
> the pkcs11 code around that you had recently removed ;)
That's what we need to figure out. Maybe you could do the same thing
with glib-networking 2.58 (e.g. in Fedora 29) and see if the smartcard
libraries are still being used? I think it should still be used, just
via GnuTLS rather than via gnutls-pkcs11. Not sure.
> Let me know if you have any ideas on how to test the glib-networking
> without WebKit, I am just not sure what else smartcard auth related
> would use it?
I'll ask around and see if someone has ideas.
> Also, this might be a long shot, but how hard would it be to get
> to redirect to another browser like firefox that could do the auth, or
> is the WebKit API just too specific for that to ever work? For fun I
> actually linked WebKitWebProcess to firefox and it does pop up
> but not surprisingly none of the information gets passed.
Hehe, there's no way to make that work, indeed.
We just need to fix https://bugs.webkit.org/show_bug.cgi?id=164509. It
shouldn't be too hard and it's on my TODO. I can't promise when I'll
get to it, though.
More information about the webkit-gtk